CVE-2019-5694

CWE-427 CWE-4263 documents3 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 58.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Nvidia GPU Display Driver

Timeline

PublishedNov 9

Latest updateMay 24

Description

NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local system access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.6 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5nvidia/nvidia_gpu_display_driverAll

Patches

Patch: nvidia.custhelp.com ↗Patch: nvidia.custhelp.com ↗

🔴Vulnerability Details

GHSA

GHSA-9vc7-fvqc-rx92: NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs wi↗2022-05-24

▶

CVEList

CVE-2019-5694: NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system↗2019-11-09

▶